Hybrid SOC
Modern enterprises can generate hundreds of millions of security events every day, and these events must be collected and analyzed around the clock to detect actual or pending attacks. Conventionally, organizations have staffed Security Operations Centers (SOCs) and deployed SIEM technology as the cornerstone of their security event monitoring programs. However, today many forward-thinking enterprises are adopting hybrid models in which some or all of these functions are outsourced to service providers.
2. Threat Visibility
Cyberattacks are constantly morphing as hackers exploit new vulnerabilities and create new variations of malware; CryptoLocker, CryptoWall, and other variants of ransomware are prime examples of this. Service providers are often the first to see new attack vectors and techniques, as their customer base encompasses organizations in many different industries and locations. Compared to individual enterprises, users of a managed security service may also benefit from more sources of third-party threat intelligence feeds and from advanced correlation analysis between threat intelligence data and other suspicious behavior. Overall, improved threat visibility increases the chance of detecting and preventing a cyber breach.
3. 24x7 Vigilance
6. Rapid Response
4. Lack of SIEM Content
The underlying effectiveness of a SIEM system is driven by the rules and use cases that detect indicators of attack, indicators of compromise, or policy violations. Depending on the size and complexity of an organization's infrastructure, a fully functioning SIEM may have hundreds of use cases. Default use cases provided by SIEM vendors are often outdated, ineffective, and not mapped to the specific technologies and applications used by a SIEM user.
Building SIEM content is time-consuming and requires an in-depth understanding of the threat landscape and of the logic by which security events are mapped to different attack vectors and vulnerabilities. Well-tuned rules and content help increase the productivity of SOC analysts' investigations, ensuring their time is spent on the most critical events and not on chasing false positives. Service providers can spread the cost of developing SIEM content across many customers and dedicate resources to continuously developing new and customized rules and use cases.
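As an added illustration of what "SIEM content" means in practice (example code written for this page, not Proficio's ProSOC rules or any vendor's default content), the block below runs two hypothetical use cases over constructed log lines: a threat-intelligence match on outbound connections, and a ransomware-style file-rename burst whose threshold is the tuning knob that separates a real incident from a false positive. The log format, host names, indicator address and file extensions are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed threat-intel indicator (TEST-NET-3 placeholder, not a real IOC).
IOC_IPS = {"203.0.113.77"}
# Hypothetical ransomware extensions a use case might watch for.
RANSOM_EXT = re.compile(r"\.(encrypted|locked)$", re.I)

def parse(line):
    # Constructed format: "<ISO time> host=<h> event=<type> key=value ..."
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    return fields

def correlate(lines, burst_threshold=20, window=timedelta(seconds=60)):
    """Two hypothetical SIEM use cases over parsed events.
    ioc_match: outbound connection to an IP on the threat-intel list.
    ransomware_burst: one host renaming >= burst_threshold files to a
    ransomware extension inside `window`; the threshold keeps a user
    renaming a couple of files from raising a false positive."""
    alerts = []
    renames = defaultdict(list)  # host -> timestamps of suspicious renames
    for ev in map(parse, lines):
        if ev["event"] == "conn" and ev.get("dst") in IOC_IPS:
            alerts.append(("ioc_match", ev["host"], ev["dst"]))
        elif ev["event"] == "rename" and RANSOM_EXT.search(ev.get("new", "")):
            times = renames[ev["host"]]
            times.append(ev["ts"])
            # drop renames that have fallen out of the sliding window
            while times and ev["ts"] - times[0] > window:
                times.pop(0)
            if len(times) == burst_threshold:  # fire once per burst
                alerts.append(("ransomware_burst", ev["host"], len(times)))
    return alerts

def sample_events():
    # Constructed sample: one IOC hit, a benign 2-file rename on ws-07,
    # and a 25-file rename burst within 25 seconds on ws-12.
    base = datetime(2015, 6, 1, 9, 0, 0)
    lines = [f"{base.isoformat()} host=ws-12 event=conn dst=203.0.113.77 dport=443"]
    lines += [f"{(base + timedelta(seconds=i)).isoformat()} host=ws-07 event=rename new=doc{i}.locked" for i in range(2)]
    lines += [f"{(base + timedelta(seconds=i)).isoformat()} host=ws-12 event=rename new=f{i}.docx.encrypted" for i in range(25)]
    return lines

if __name__ == "__main__":
    for alert in correlate(sample_events()):
        print(alert)
```

Running the same events with `burst_threshold=1` (an untuned rule) also flags the benign ws-07 renames, which is the false-positive noise that tuned content removes.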
7. Operational Excellence
Proficio Asia:
51 Changi Business Park
#03-11 The Signature
Singapore
+65-6996-9185
Copyright 2015 Proficio, Inc. All rights reserved. ProSOC is a registered trademark of Proficio Inc. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Proficio assumes no responsibility for any inaccuracies in this document. Proficio reserves the right to change, modify, transfer, or otherwise revise this publication without notice.